diff options
author | Damien Miller <djm@mindrot.org> | 2000-06-26 11:31:33 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-06-26 11:31:33 +1000 |
commit | 1f335fb8d81a23c6ddce3062a4e2d4efe9d8a59e (patch) | |
tree | e0b2ff2cff12a83740f16bb7da48f592402bdcae /auth.c | |
parent | c0fd17fdca5853c0c6bfdfc364d8c5418dcab86b (diff) |
- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -22,6 +22,9 @@ RCSID("$OpenBSD: auth.c,v 1.7 2000/05/17 21:37:24 deraadt Exp $"); #ifdef HAVE_LOGIN_H #include <login.h> #endif +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#include <shadow.h> +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ #include "bufaux.h" #include "ssh2.h" @@ -53,11 +56,32 @@ allowed_user(struct passwd * pw) #ifdef WITH_AIXAUTHENTICATE char *loginmsg; #endif /* WITH_AIXAUTHENTICATE */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \ + defined(HAS_SHADOW_EXPIRE) + struct spwd *spw; /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw) return 0; + spw = getspnam(pw->pw_name); + if (spw == NULL) + return 0; + + /* Check account expiry */ + if ((spw->sp_expire > 0) && ((time(NULL) / 86400) > spw->sp_expire)) + return 0; + + /* Check password expiry */ + if ((spw->sp_lstchg > 0) && (spw->sp_inact > 0) && + ((time(NULL) / 86400) > (spw->sp_lstchg + spw->sp_inact))) + return 0; +#else + /* Shouldn't be called if pw is NULL, but better safe than sorry... */ + if (!pw) + return 0; +#endif + /* * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. |